Published on The O'Reilly Network (http://www.oreillynet.com/)
http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html

Using SSH Tunneling

by Rob Flickenger
02/23/2001

They say that the Wired Equivalent Privacy protocol has been cracked. What's a wireless user to do?

WaveLAN's silver and gold cards

In November, I wrote an introduction to Lucent's WaveLAN wireless card, the 802.11b PC card that we've been using at the O'Reilly Network to bring our machines online in a wireless local area network.

A lot can happen in a couple of months. In that article, I explained the difference between the WaveLAN silver and gold cards, and suggested that since the gold cards were only a few dollars more for much stronger encryption, it was worth it to buy the gold cards (assuming that breaking total compatibility with the 802.11b spec wasn't an issue).

Since then, a team of cryptographers at the University of California at Berkeley identified weaknesses in the way the Wired Equivalent Privacy (WEP) algorithm was implemented in 802.11b, potentially making the strength of encryption irrelevant.

This news should not be cause for alarm, or even discomfort. WEP was not designed to be the ultimate "killer" security tool (nor can anything claim to be). Its acronym makes the intention clear: wired equivalent protection. In other words, the aim behind WEP was to provide no greater protection than you would have when you physically plug into your Ethernet network.

So, if it has been cracked, what good is WEP? And how can one protect oneself if WEP isn't the answer?

802.11b's security weaknesses

WEP has never provided much more than a form of access control to your wireless nodes. With a shared private key, everyone participating in your network has the potential to eavesdrop on everyone else. You can try it for yourself; run tcpdump on your laptop, and watch the traffic going through your access point just fly by! Passwords, private e-mails, web traffic, everything could potentially be logged and pored over later by anyone who can associate with your access point.

Plus, key management under 802.11b is difficult. Who wants to distribute a shared password, only to have to change it regularly (and revisit all of those clients who weren't adept enough to set it up themselves in the first place)? Some drivers try to cope with this by letting the user assign multiple keys and pick between them, but this just postpones the inevitable.

Tunneling for security

WEP insecurity really isn't a problem for people who are already tunneling their traffic. Sure, Johnny and Jane Cracksalot may point their high-gain dish at the company from two blocks away, and even take the 5+ hours and gigs of disk space necessary to track every packet. But if you're using an SSH tunnel from your laptop to your servers, they'll still have the insurmountable task of cracking strong cryptography (Blowfish, 3DES, Arcfour, etc.). Until someone finds a cheap way to build a quantum computer (and perhaps a cold fusion cell to power it) this is generally considered a waste of time. Ditto for SSL (Secure Sockets Layer) connections to secure web servers.

A tunnel is a networking term with an appropriate name. It refers to a connection, usually encrypted, that connects two computers to